Special Advertising Supplement: SC Essays – Why one AV engine isn’t enough | SC Media

March 26, 2007

To be truly protected against all virus outbreaks, you need multiple engines with the right mix of capabilities, argues David Vella.

It is a well-known fact that viruses, Trojan horses, worms, spam, and other forms of malware present a real threat to all modern-day organisations and affect productivity and business operations negatively. According to the 2006 FBI Crime and Security Survey, 97 percent of organisations have anti-virus software installed, yet 65 percent have been affected by a virus attack at least once during the previous 12 months.

- The need to have a fast response time

One of the most important factors in the successful protection of your network against viruses is how fast you get new virus engine signature files - those files released by anti-virus labs that help to identify a virus when there is an outbreak.

Email allows viruses to be spread at lightning speed in a matter of hours, and a single email virus is enough to infect your whole network.

Obviously then, a critical factor is how fast the signature files of your anti-virus solution are updated when a new virus emerges. In every virus attack there is a time differential between the outbreak of the new virus and the release of signatures to defeat and eliminate it. The faster a signature file is created, the less likely the chance of an infection.

Every anti-virus vendor in the market claims to have a fast response time. However, the reality is not quite so sanguine. Anti-virus labs produce updates for virus and worm outbreaks at different intervals. There is no one company that will always be the first and fastest to respond to a particular virus outbreak. Granted, some companies may be faster on more occasions, but it is never the same company that delivers protection first every time.

- The case for multiple anti-virus engines

The argument in favour of using multiple anti-virus engines is straightforward. It is predicated on the simple reality that there is no single anti-virus engine that is fastest, most effective and "the best" all the time. If you have an engine with the fastest average response time, then that is all you have. The clue is in the word "average".

It doesn't mean that it will be the fastest for the next virus outbreak. The results of an infection and effective "crash" of your organisation's system can include lost productivity, lost business, downtime and increased business costs.

Furthermore, from time to time, erroneous anti-virus engine updates might seep through since anti-virus vendors are constantly trying to release updates as quickly as possible to combat an outbreak.

Relying on one single anti-virus engine will fail in such an event, as viruses might bypass the erroneous single anti-virus protection, while multiple anti-virus engines will provide a backup.

- A new paradigm and strategy

Since it is obvious that single scanning engine defences are insufficient for the protection of your network, then logic dictates a different strategy. Organisations need to implement a layered scanning solution that combines multiple engines to greatly increase chances of having at least one of those virus engines updated on time. Multiple virus engines might also result in the right mix of technological capabilities for any particular threat, thus increasing the chances of your network being protected.
